From b71a3b319fa347157973e45e4e08f407e2cb5d7e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simon=20Sp=C3=B6hel?= Date: Sun, 9 Jul 2017 15:52:29 +0200 Subject: Making container-tools use nspawn files. --- lib/container/auto | 6 +++--- lib/container/create | 8 +++---- lib/container/list | 6 +++--- lib/container/move | 10 ++++----- lib/container/remove | 12 +++++------ lib/container/start | 46 ++++++++++++++++++++-------------------- lib/container/status | 1 - lib/container/stop | 10 ++++----- share/config/container.conf.in | 28 ------------------------ share/config/container.nspawn.in | 36 +++++++++++++++++++++++++++++++ share/scripts/debconf | 8 +++---- 11 files changed, 89 insertions(+), 82 deletions(-) delete mode 100644 share/config/container.conf.in create mode 100644 share/config/container.nspawn.in diff --git a/lib/container/auto b/lib/container/auto index cbacad2..9db28e6 100755 --- a/lib/container/auto +++ b/lib/container/auto @@ -20,7 +20,7 @@ set -e COMMAND="$(basename ${0})" -CONFIG="/etc/container-tools/config" +CONFIG="/etc/systemd/nspawn" HOOKS="/etc/container-tools/hooks" Parameters () @@ -102,7 +102,7 @@ case "${FORCE}" in ;; esac -for FILE in "${CONFIG}"/*.conf +for FILE in "${CONFIG}"/*.nspawn do if grep -Eqs "^ *cnt.auto=force-true" "${FILE}" then @@ -111,7 +111,7 @@ do if grep -Eqs "^ *cnt.auto=(force-true|true)" "${FILE}" && grep -Eqs "^ *cnt.container-server=${HOST}" "${FILE}" then - CONTAINER="$(basename ${FILE} .conf)" + CONTAINER="$(basename ${FILE} .nspawn)" cnt ${ACTION} -n ${CONTAINER} ${OPTIONS} || true fi diff --git a/lib/container/create b/lib/container/create index 570492f..050878e 100755 --- a/lib/container/create +++ b/lib/container/create @@ -20,7 +20,7 @@ set -e COMMAND="$(basename ${0})" -CONFIG="/etc/container-tools/config" +CONFIG="/etc/systemd/nspawn" HOOKS="/etc/container-tools/hooks" MACHINES="/var/lib/machines" SCRIPTS="/usr/share/container-tools/scripts" 
@@ -114,9 +114,9 @@ then Usage fi -if [ -e "${CONFIG}/${NAME}.conf" ] +if [ -e "${CONFIG}/${NAME}.nspawn" ] then - echo "'${NAME}': container already exists or ${CONFIG}/${NAME}.conf has not been removed" >&2 + echo "'${NAME}': container already exists or ${CONFIG}/${NAME}.nspawn has not been removed" >&2 exit 1 fi @@ -225,7 +225,7 @@ sed -e "s|@CNT_AUTO@|${CNT_AUTO}|g" \ -e "s|@NETWORK_VETH_EXTRA@|${NETWORK_VETH_EXTRA}|g" \ -e "s|@PRIVATE_USERS@|no|g" \ -e "s|@REGISTER@|yes|g" \ -/usr/share/container-tools/config/container.conf.in > "${CONFIG}/${NAME}.conf" +/usr/share/container-tools/config/container.nspawn.in > "/etc/systemd/nspawn/${NAME}.nspawn" # Run "${SCRIPTS}/${SCRIPT}" $(echo "${@}" | sed -e 's| -- | |') diff --git a/lib/container/list b/lib/container/list index cd88475..2e0bef7 100755 --- a/lib/container/list +++ b/lib/container/list @@ -20,7 +20,7 @@ set -e COMMAND="$(basename ${0})" -CONFIG="/etc/container-tools/config" +CONFIG="/etc/systemd/nspawn" HOOKS="/etc/container-tools/hooks" MACHINES="/var/lib/machines" @@ -327,9 +327,9 @@ for CONTAINER in ${CONTAINERS} do STATE="$(machinectl show ${CONTAINER} 2>&1 | awk -F= '/^State=/ { print $2 }')" - if [ -e "${CONFIG}/${CONTAINER}.conf" ] + if [ -e "${CONFIG}/${CONTAINER}.nspawn" ] then - CONTAINER_SERVER="$(awk -F= '/^cnt.container-server=/ { print $2 }' ${CONFIG}/${CONTAINER}.conf)" + CONTAINER_SERVER="$(crudini --get ${CONFIG}/${CONTAINER}.nspawn ContainerToolsStart cnt.container-server)" CONTAINER_SERVER="${CONTAINER_SERVER:-false}" case "${CONTAINER_SERVER}" in diff --git a/lib/container/move b/lib/container/move index 3cc2e40..b2f2b42 100755 --- a/lib/container/move +++ b/lib/container/move @@ -20,7 +20,7 @@ set -e COMMAND="$(basename ${0})" -CONFIG="/etc/container-tools/config" +CONFIG="/etc/systemd/nspawn" HOOKS="/etc/container-tools/hooks" MACHINES="/var/lib/machines" 
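Review bot: The redirect target in the @@ -225,7 hunk is hard-coded as `"/etc/systemd/nspawn/${NAME}.nspawn"`, while the existence check in the @@ -114,9 hunk and every other script go through `${CONFIG}`. If CONFIG is ever changed, the check guards one file and the redirect truncates another; write to `> "${CONFIG}/${NAME}.nspawn"` instead. The hunk does not show whether the directory is created beforehand, so a `mkdir -p "${CONFIG}"` ahead of the sed may be needed. The sed command starts outside the hunk.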
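Review bot: `crudini --get` in the @@ -327,9 hunk exits non-zero when the section or key is missing, and the script runs under `set -e`, so the assignment aborts the whole listing and the `${CONTAINER_SERVER:-false}` default on the next line is never reached. /etc/systemd/nspawn can also hold hand-written .nspawn files that have no `[ContainerToolsStart]` section at all. Keep the lookup non-fatal and quote the path: `CONTAINER_SERVER="$(crudini --get "${CONFIG}/${CONTAINER}.nspawn" ContainerToolsStart cnt.container-server || true)"`. The same pattern is in the crudini lookups of move, remove, start and stop, and in start the earlier `|| echo yes` / `|| echo no` fallbacks were dropped as well. The for loop starts and ends outside the hunk.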
@@ -138,11 +138,11 @@ do done # Run -mv "${CONFIG}/${OLD}.conf" "${CONFIG}/${NEW}.conf" +mv "${CONFIG}/${OLD}.nspawn" "${CONFIG}/${NEW}.nspawn" mv "${MACHINES}/${OLD}" "${MACHINES}/${NEW}" # rw bind mounts -BIND="$(awk -F= '/^bind=/ { print $2 }' ${CONFIG}/${NAME}.conf)" +BIND="$(crudini --get ${CONFIG}/${NAME}.nspawn Files Bind)" if [ -n "${BIND}" ] then @@ -169,7 +169,7 @@ then fi # ro bind mounts -BIND_RO="$(awk -F= '/^bind-ro=/ { print $2 }' ${CONFIG}/${NAME}.conf)" +BIND_RO="$(crudini --get ${CONFIG}/${NAME}.nspawn Files BindReadOnly)" if [ -n "${BIND_RO}" ] then @@ -196,7 +196,7 @@ then fi # config -sed -i -e "s|${OLD}|${NEW}|g" "${CONFIG}/${NEW}.conf" +sed -i -e "s|${OLD}|${NEW}|g" "${CONFIG}/${NEW}.nspawn" # Post hooks for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}" diff --git a/lib/container/remove b/lib/container/remove index c9a45a6..24a58be 100755 --- a/lib/container/remove +++ b/lib/container/remove @@ -20,7 +20,7 @@ set -e COMMAND="$(basename ${0})" -CONFIG="/etc/container-tools/config" +CONFIG="/etc/systemd/nspawn" HOOKS="/etc/container-tools/hooks" MACHINES="/var/lib/machines" @@ -104,7 +104,7 @@ then Usage fi -if [ ! -e "${MACHINES}/${NAME}" ] && [ ! -e "${CONFIG}/${NAME}.conf" ] +if [ ! -e "${MACHINES}/${NAME}" ] && [ ! -e "${CONFIG}/${NAME}.nspawn" ] then echo "'${NAME}': no such container" >&2 exit 1 @@ -160,10 +160,10 @@ do done # data -if [ -e "${CONFIG}/${NAME}.conf" ] +if [ -e "${CONFIG}/${NAME}.nspawn" ] then # Removing rw bind mounts - BIND="$(awk -F= '/^bind=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + BIND="$(crudini --get ${CONFIG}/${NAME}.nspawn Files Bind)" if [ -n "${BIND}" ] then @@ -178,7 +178,7 @@ then fi # Removing ro bind mounts - BIND_RO="$(awk -F= '/^bind-ro=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + BIND_RO="$(crudini --get ${CONFIG}/${NAME}.nspawn Files BindReadOnly)" if [ -n "${BIND_RO}" ] then 
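Review bot: `sed -i -e "s|${OLD}|${NEW}|g"` in the @@ -196,7 hunk rewrites every occurrence of the old name anywhere in the file and treats it as a regular expression, and the file it now edits is one that systemd-nspawn parses itself. A name that is a substring of another value, such as a host path in `Bind=`, would be rewritten too, silently changing which directory gets mounted. Setting only the keys that carry the name is safer, for example `crudini --set "${CONFIG}/${NEW}.nspawn" ContainerToolsStart directory "${MACHINES}/${NEW}"` and the same for `machine` (assuming it holds the bare name). Bind paths that legitimately contain the name would then need their own explicit update.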
@@ -195,7 +195,7 @@ fi # Run rm --preserve-root --one-file-system -rf ${RM_OPTIONS} "${MACHINES}/${NAME}" -rm -f ${RM_OPTIONS} "${CONFIG}/${NAME}.conf" +rm -f ${RM_OPTIONS} "${CONFIG}/${NAME}.nspawn" # Post hooks for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}" diff --git a/lib/container/start b/lib/container/start index 99639f6..b19b482 100755 --- a/lib/container/start +++ b/lib/container/start @@ -20,7 +20,7 @@ set -e COMMAND="$(basename ${0})" -CONFIG="/etc/container-tools/config" +CONFIG="/etc/systemd/nspawn" HOOKS="/etc/container-tools/hooks" MACHINES="/var/lib/machines" @@ -173,9 +173,9 @@ case "${START}" in esac # config -if [ -e "${CONFIG}/${NAME}.conf" ] +if [ -e "${CONFIG}/${NAME}.nspawn" ] then - CNT_OVERLAY="$(awk -F= '/^cnt.overlay=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + CNT_OVERLAY="$(crudini --get ${CONFIG}/${NAME}.nspawn Files Overlay)" if [ -n "${CNT_OVERLAY}" ] then @@ -200,7 +200,7 @@ then done fi - BIND="$(awk -F= '/^bind=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + BIND="$(crudini --get ${CONFIG}/${NAME}.nspawn Files Bind)" if [ -n "${BIND}" ] then @@ -221,7 +221,7 @@ then done fi - BIND_RO="$(awk -F= '/^bind-ro=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + BIND_RO="$(crudini --get ${CONFIG}/${NAME}.nspawn Files BindReadOnly)" if [ -n "${BIND_RO}" ] then @@ -242,7 +242,7 @@ then done fi - BOOT="$(awk -F= '/^boot=/ { print $2 }' ${CONFIG}/${NAME}.conf || echo yes)" + BOOT="$(crudini --get ${CONFIG}/${NAME}.nspawn Exec Boot)" case "${BOOT}" in yes) @@ -254,7 +254,7 @@ then ;; esac - CAPABILITY="$(awk -F= '/^capability=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + CAPABILITY="$(crudini --get ${CONFIG}/${NAME}.nspawn Exec Capability)" case "${CAPABILITY}" in "") 
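Review bot: `Files Overlay`, `Files Bind` and `Files BindReadOnly` (start, hunks @@ -173,9 to @@ -221,7) are native systemd.nspawn settings. Once these values live in /etc/systemd/nspawn/NAME.nspawn, systemd-nspawn reads them itself for a machine of that name, in addition to whatever options this script derives from them. The value format container-tools writes is not visible in these hunks; if it differs from the systemd syntax, the container may fail to start or mount something other than intended. I would add `# NOTE: [Files] keys are also parsed by systemd-nspawn; values must use systemd.nspawn syntax` above the first lookup and confirm whether start should pass `--settings=` to decide which side wins. The enclosing `if` block continues outside the hunk.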
@@ -266,10 +266,10 @@ then ;; esac - DIRECTORY="$(awk -F= '/^directory=/ { print $2 }' ${CONFIG}/${NAME}.conf || echo ${MACHINES}/${NAMES})" + DIRECTORY="$(crudini --get ${CONFIG}/${NAME}.nspawn ContainerToolsStart directory)" DIRECTORY="--directory ${DIRECTORY}" - DROP_CAPABILITY="$(awk -F= '/^drop-capability=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + DROP_CAPABILITY="$(crudini --get ${CONFIG}/${NAME}.nspawn Exec DropCapability)" case "${DROP_CAPABILITY}" in "") @@ -281,7 +281,7 @@ then ;; esac - LINK_JOURNAL="$(awk -F= '/^link-journal=/ { print $2 }' ${CONFIG}/${NAME}.conf || echo no)" + LINK_JOURNAL="$(crudini --get ${CONFIG}/${NAME}.nspawn ContainerToolsStart link-journal)" case "${LINK_JOURNAL}" in yes) @@ -295,7 +295,7 @@ then MACHINE="--machine=${NAME}" - NETWORK_VETH_EXTRA_CONF="$(awk -F= '/^network-veth-extra=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + NETWORK_VETH_EXTRA_CONF="$(crudini --get ${CONFIG}/${NAME}.nspawn ContainerToolsStart network-veth-extra)" NETWORK_VETH_EXTRA="" case "${NETWORK_VETH_EXTRA_CONF}" in @@ -324,7 +324,7 @@ EOF ;; esac - NETWORK_BRIDGES="$(awk -F= '/^cnt.network-bridge=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + NETWORK_BRIDGES="$(crudini --get ${CONFIG}/${NAME}.nspawn ContainerToolsStart cnt.network-bridge)" case "${NETWORK_BRIDGES}" in "") @@ -360,7 +360,7 @@ EOF ;; esac - PRIVATE_USERS="$(awk -F= '/^private-users=/ { print $2 }' ${CONFIG}/${NAME}.conf || echo no)" + PRIVATE_USERS="$(crudini --get ${CONFIG}/${NAME}.nspawn Exec PrivateUsers)" case "${PRIVATE_USERS}" in yes) @@ -372,7 +372,7 @@ EOF ;; esac - REGISTER="$(awk -F= '/^register=/ { print $2 }' ${CONFIG}/${NAME}.conf || echo yes)" + REGISTER="$(crudini --get ${CONFIG}/${NAME}.nspawn ContainerToolsStart register)" case "${REGISTER}" in yes) 
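Review bot: In the @@ -266,10 hunk, `DIRECTORY="--directory ${DIRECTORY}"` is built even when the `directory` key is empty, which yields a bare `--directory` that would swallow the next option as its argument. The removed line at least tried a fallback (with a `${NAMES}` typo); the new lookup has none. Default the value where it is used: `DIRECTORY="--directory ${DIRECTORY:-${MACHINES}/${NAME}}"`. The surrounding `if` block starts and ends outside the hunk.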
@@ -384,15 +384,15 @@ EOF ;; esac - BLOCK_IO_DEVICE_WEIGHT="$(awk -F= '/^BlockIODeviceWeight=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + BLOCK_IO_DEVICE_WEIGHT="$(crudini --get ${CONFIG}/${NAME}.nspawn ContainerToolsLimit BlockIODeviceWeight)" if [ -n "${BLOCK_IO_DEVICE_WEIGHT}" ] then - BLOCK_IO_DEVICE_WEIGHT="BlockIODeviceWeight=${BLOCK_IO_DEVICE_WEIGHT}" + BLOCK_IO_DEVICE_WEIGHT="BlockIODeviceWeight=${BLOCK_IO_DEVICE_WEIGHT}"BlockIODeviceWeight SET_PROPERTY="true" fi - BLOCK_IO_READ_BANDWITH="$(awk -F= '/^BlockIOReadBandwith=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + BLOCK_IO_READ_BANDWITH="$(crudini --get ${CONFIG}/${NAME}.nspawn ContainerToolsLimit BlockIOReadBandwith)" if [ -n "${BLOCK_IO_READ_BANDWITH}" ] then @@ -400,7 +400,7 @@ EOF SET_PROPERTY="true" fi - BLOCK_IO_WEIGHT="$(awk -F= '/^BlockIOWeight=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + BLOCK_IO_WEIGHT="$(crudini --get ${CONFIG}/${NAME}.nspawn ContainerToolsLimit BlockIOWeight)" if [ -n "${BLOCK_IO_WEIGHT}" ] then @@ -408,7 +408,7 @@ EOF SET_PROPERTY="true" fi - BLOCK_IO_WRITE_BANDWITH="$(awk -F= '/^BlockIOWriteBandwith=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + BLOCK_IO_WRITE_BANDWITH="$(crudini --get ${CONFIG}/${NAME}.nspawn ContainerToolsLimit BlockIOWriteBandwith)" if [ -n "${BLOCK_IO_WRITE_BANDWITH}" ] then @@ -416,7 +416,7 @@ EOF SET_PROPERTY="true" fi - CPU_QUOTA="$(awk -F= '/^CPUQuota=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + CPU_QUOTA="$(crudini --get ${CONFIG}/${NAME}.nspawn ContainerToolsLimit CPUQuota)" if [ -n "${CPU_QUOTA}" ] then @@ -424,7 +424,7 @@ EOF SET_PROPERTY="true" fi - CPU_SHARES="$(awk -F= '/^CPUShares=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + CPU_SHARES="$(crudini --get ${CONFIG}/${NAME}.nspawn ContainerToolsLimit CPUShares)" if [ -n "${CPU_SHARES}" ] then 
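Review bot: The rewritten assignment in the @@ -384,15 hunk carries a stray `BlockIODeviceWeight` after the closing quote, so the property string becomes `BlockIODeviceWeight=<value>BlockIODeviceWeight`; it should read `BLOCK_IO_DEVICE_WEIGHT="BlockIODeviceWeight=${BLOCK_IO_DEVICE_WEIGHT}"`. In the same hunk the lookup key `BlockIOReadBandwith` (and `BlockIOWriteBandwith` in the @@ -408,7 hunk) does not match the template's `BlockIOReadBandwidth=` / `BlockIOWriteBandwidth=`. With `crudini --get` a missing key is an error rather than an empty result, so under `set -e` start would abort for files generated from the template; look up `ContainerToolsLimit BlockIOReadBandwidth` and `ContainerToolsLimit BlockIOWriteBandwidth`. The enclosing `if` block starts outside the hunk.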
@@ -432,7 +432,7 @@ EOF SET_PROPERTY="true" fi - MEMORY_LIMIT="$(awk -F= '/^MemoryLimit=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + MEMORY_LIMIT="$(crudini --get ${CONFIG}/${NAME}.nspawn ContainerToolsLimit MemoryLimit)" if [ -n "${MEMORY_LIMIT}" ] then @@ -440,7 +440,7 @@ EOF SET_PROPERTY="true" fi - TASKS_MAX="$(awk -F= '/^TasksMax=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + TASKS_MAX="$(crudini --get ${CONFIG}/${NAME}.nspawn ContainerToolsLimit TasksMax)" if [ -n "${TASKS_MAX}" ] then diff --git a/lib/container/status b/lib/container/status index 7429c78..9e38d86 100755 --- a/lib/container/status +++ b/lib/container/status @@ -20,7 +20,6 @@ set -e COMMAND="$(basename ${0})" -CONFIG="/etc/container-tools/config" HOOKS="/etc/container-tools/hooks" MACHINES="/var/lib/machines" diff --git a/lib/container/stop b/lib/container/stop index 12cf7fa..0e3b635 100755 --- a/lib/container/stop +++ b/lib/container/stop @@ -20,7 +20,7 @@ set -e COMMAND="$(basename ${0})" -CONFIG="/etc/container-tools/config" +CONFIG="/etc/systemd/nspawn" HOOKS="/etc/container-tools/hooks" MACHINES="/var/lib/machines" @@ -126,7 +126,7 @@ STATE="$(machinectl show ${NAME} 2>&1 | awk -F= '/^State=/ { print $2 }')" case "${CLEAN}" in true) # Removing overlay mounts - CNT_OVERLAY="$(awk -F= '/^cnt.overlay=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + CNT_OVERLAY="$(crudini --get ${CONFIG}/${NAME}.nspawn Files Overlay)" if [ -n "${CNT_OVERLAY}" ] then @@ -146,7 +146,7 @@ case "${CLEAN}" in fi # Removing rw bind mounts - BIND="$(awk -F= '/^bind=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + BIND="$(crudini --get ${CONFIG}/${NAME}.nspawn Files Bind)" if [ -n "${BIND}" ] then @@ -161,7 +161,7 @@ case "${CLEAN}" in fi # Removing ro bind mounts - BIND_RO="$(awk -F= '/^bind-ro=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + BIND_RO="$(crudini --get ${CONFIG}/${NAME}.nspawn Files BindReadOnly)" if [ -n "${BIND_RO}" ] then 
@@ -176,7 +176,7 @@ case "${CLEAN}" in fi # Removing network configuration - NETWORK_VETH_EXTRA_CONF="$(awk -F= '/^network-veth-extra=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + NETWORK_VETH_EXTRA_CONF="$(crudini --get ${CONFIG}/${NAME}.nspawn ContainerToolsStart network-veth-extra)" case "${NETWORK_VETH_EXTRA_CONF}" in "") diff --git a/share/config/container.conf.in b/share/config/container.conf.in deleted file mode 100644 index 322e2c9..0000000 --- a/share/config/container.conf.in +++ /dev/null @@ -1,28 +0,0 @@ -# container-tools: @NAME@ - -[start] -cnt.auto=@CNT_AUTO@ -cnt.container-server=@CNT_CONTAINER_SERVER@ -cnt.network-bridge=@CNT_NETWORK_BRIDGE@ -cnt.overlay=@CNT_OVERLAY@ -bind=@BIND@ -bind-ro=@BIND_RO@ -boot=@BOOT@ -capability=@CAPABILITY@ -directory=@DIRECTORY@ -drop-capability=@DROP_CAPABILITY@ -link-journal=@LINK_JOURNAL@ -machine=@MACHINE@ -network-veth-extra=@NETWORK_VETH_EXTRA@ -private-users=@PRIVATE_USERS@ -register=@REGISTER@ - -[limit] -BlockIODeviceWeight= -BlockIOReadBandwidth= -BlockIOWeight= -BlockIOWriteBandwidth= -CPUQuota= -CPUShares= -MemoryLimit= -TasksMax= diff --git a/share/config/container.nspawn.in b/share/config/container.nspawn.in new file mode 100644 index 0000000..774df95 --- /dev/null +++ b/share/config/container.nspawn.in 
@@ -0,0 +1,36 @@ +# systemd-nspawn @NAME@ + +[Exec] +Boot=@BOOT@ +Capability=@CAPABILITY@ +DropCapability=@DROP_CAPABILITY@ +PrivateUsers=@PRIVATE_USERS@ + +[Files] +Bind=@BIND@ +BindReadOnly=@BIND_RO@ +Overlay=@CNT_OVERLAY@ + +[Network] +VirtualEthernetExtra= + +# open-infrastructure-container-tools extension +[ContainerToolsStart] +cnt.auto=@CNT_AUTO@ +cnt.container-server=@CNT_CONTAINER_SERVER@ +cnt.network-bridge=@CNT_NETWORK_BRIDGE@ +directory=@DIRECTORY@ +link-journal=@LINK_JOURNAL@ +machine=@MACHINE@ +network-veth-extra=@NETWORK_VETH_EXTRA@ +register=@REGISTER@ + +[ContainerToolsLimit] +BlockIODeviceWeight= +BlockIOReadBandwidth= +BlockIOWeight= +BlockIOWriteBandwidth= +CPUQuota= +CPUShares= +MemoryLimit= +TasksMax= diff --git a/share/scripts/debconf b/share/scripts/debconf index 38bf937..9e74662 100755 --- a/share/scripts/debconf +++ b/share/scripts/debconf @@ -20,7 +20,7 @@ set -e SCRIPT="${0}" -CONFIG="/etc/container-tools/config" +CONFIG="/etc/systemd/nspawn" HOOKS="/etc/container-tools/hooks" MACHINES="/var/lib/machines" @@ -937,7 +937,7 @@ Commands () -e "s|^bind=.*|bind=${BIND}|g" \ -e "s|^bind-ro=.*|bind-ro=${BIND_RO}|g" \ -e "s|^network-veth-extra=.*|network-veth-extra=${HOST_INTERFACE_NAME}:eth0|g" \ - "${CONFIG}/${NAME}.conf" + "${CONFIG}/${NAME}.nspawn" for NUMBER in $(seq 1 ${NETWORK_NUMBER}) do 
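Review bot: The new template does not tell an administrator which sections systemd acts on. `[Exec]`, `[Files]` and `[Network]` are applied by systemd-nspawn directly, and files under /etc/systemd/nspawn are treated as trusted settings, while `[ContainerToolsStart]` and `[ContainerToolsLimit]` are only meaningful to cnt. I would extend the header with `# [Exec], [Files] and [Network] are read by systemd-nspawn itself; the ContainerTools* sections are read only by cnt.` It would also help to state whether `VirtualEthernetExtra=` or `network-veth-extra=` is authoritative, since the template leaves the former empty and keeps the latter.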
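Review bot: The sed expressions kept as context in the @@ -937,7 hunk still match `^bind=` and `^bind-ro=`, but the new template names those keys `Bind=` and `BindReadOnly=`, so against a `.nspawn` file they match nothing and the bind settings are silently left unchanged. They should become `-e "s|^Bind=.*|Bind=${BIND}|g"` and `-e "s|^BindReadOnly=.*|BindReadOnly=${BIND_RO}|g"`. The values are interpolated into the sed replacement as-is, so a `|` or `&` in a path would corrupt the line; `crudini --set` would avoid that. Commands () starts outside the hunk.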
@@ -953,10 +953,10 @@ Commands () HOST_INTERFACE_NAME="$(echo ${HOST_INTERFACE_NAME:-veth-${HOSTNAME_SHORT}-${NUMBER}})" CONTAINER_INTERFACE_NAME="eth${NUMBER}" - sed -i -e "/^register=.*/ a network-veth-extra=${HOST_INTERFACE_NAME}:${CONTAINER_INTERFACE_NAME}" "${CONFIG}/${NAME}.conf" + sed -i -e "/^register=.*/ a network-veth-extra=${HOST_INTERFACE_NAME}:${CONTAINER_INTERFACE_NAME}" "${CONFIG}/${NAME}.nspawn" eval BRIDGE="$`echo NETWORK${NUMBER}_BRIDGE`" - sed -i -e "/^register=.*/ a cnt.network-bridge=${HOST_INTERFACE_NAME}:${BRIDGE:-br${NUMBER}}" "${CONFIG}/${NAME}.conf" + sed -i -e "/^register=.*/ a cnt.network-bridge=${HOST_INTERFACE_NAME}:${BRIDGE:-br${NUMBER}}" "${CONFIG}/${NAME}.nspawn" done # Setting root password -- cgit v1.2.3
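Review bot: Each loop iteration appends another `network-veth-extra=` and `cnt.network-bridge=` line after `register=`, so `[ContainerToolsStart]` ends up with repeated keys, while start and stop now read these keys with a single `crudini --get`. How crudini treats duplicate options is not established by this diff: if it rejects them the lookup fails and, under `set -e`, start aborts; if it returns only one, the extra interfaces are dropped. I would at least add `# NOTE: repeated keys in [ContainerToolsStart]; verify crudini --get returns all of them` above the first sed, or store the pairs in one key. The for loop starts outside the hunk.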